eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
for Linux.
It provides advanced key management and policy features. eCryptfs stores
cryptographic metadata in the header of each file written, so that encrypted
files can be copied between hosts; the file will be decryptable with the proper
key, and there is no need to keep track of any additional information aside
from what is already in the encrypted file itself. Think of eCryptfs as a sort
of "gnupgfs".
eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs
is part of the Linux kernel since 2.6.19.
This package contains the userland utilities.

Changelog

2016-02-26 - Dustin Kirkland <kirkland@ubuntu.com>
ecryptfs-utils (111-0ubuntu1) xenial; urgency=medium
* src/utils/ecryptfs-setup-private: LP: #1328689
- fix a long standing bug, where setting up an encrypted private,
encrypted home, or migrating to an encrypted home did not work
correctly over ssh sessions
- the root cause of the bug is some complexity in the handling of
user keyrings and session keyrings
- the long term solution would be to correctly use session keyrings
- the short term solution is to continue linking user and session
keyrings
* xenial

2016-02-23 - Dustin Kirkland <kirkland@ubuntu.com>
ecryptfs-utils (110) xenial; urgency=medium
[ Tyler Hicks ]
* Remove unnecessary dependencies in the Debian packaging (LP: #1548975)
- debian/control: Remove opencryptoki from ecryptfs-utils
Suggests and libopencryptoki-dev from libecryptfs-dev Depends as
openCryptoki is not a dependency of eCryptfs.
- debian/rules: Remove openCryptoki related logic since it was not being
used and is no longer needed
- debian/control: Remove libtspi-dev from libecryptfs-dev Depends since
--disable-tspi is passed to the configure script
- debian/control: Remove libpkcs11-helper1-dev from libecryptfs-dev
Depends since --disable-pkcs11-helper is passed to the configure script
- debian/control: Remove libgpg-error-dev and libgpgme11-dev from
libecryptfs-dev Depends since --disable-gpg is passed to the configure
script
- debian/control: Remove libgcrypt11-dev from Build-Depends and
libecryptfs-dev Depends since --enable-nss is passed to the configure
script to use NSS instead of Libgcrypt
- debian/control: Remove libkeyutils-dev and libpam0g-dev from
libecryptfs-dev Depends since these are build-time dependencies and not
run-time dependencies

2016-01-22 - Dustin Kirkland <kirkland@ubuntu.com>
ecryptfs-utils (109) xenial; urgency=medium
[ Maikel ]
* doc/manpage/ecryptfs-migrate-home.8: Fix typos in man page (LP: #1518787)
[ Kylie McClain ]
* src/utils/mount.ecryptfs.c, src/utils/mount.ecryptfs_private.c: Fix build
issues on musl libc (LP: #1514625)
[ Colin Ian King ]
* src/daemon/main.c:
- Static analysis with Clang's scan-build shows that we can potentially
overflow the input buffer if the input is equal or more than the buffer
size. Need to guard against this by:
1. Only reading in input_size - 1 chars
2. Checking earlier on to see if input_size is value to insure that we
read in at least 1 char
[ Tyler Hicks ]
* src/utils/mount.ecryptfs_private.c:
- Refuse to mount over non-standard filesystems. Mounting over
certain types filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)